This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

<sec:global-method-security>

Oct 31st, 2011, 08:25 AM

Could anyone please describe for me, or point me to a description of, what the security shorthand
<sec:global-method-security secured-annotations="enabled" />

does? It looks like I need to build an entire HTTP processing filter chain from scratch using bean notation, and I'd like to know what authentication-managers, filters, voters, annotation processors, etc. need to be created. I love the security namespace shorthand, except when it doesn't exactly fit my problem. I find it difficult to reimplement certain security namespace tags using standard bean XML, as I haven't found documentation as to what each sec tag actually does.

In this case, I need to have @Secured method annotations processed and enforced by the voters, but without a number of the other parts of the standard HTTP filter chain. I haven't even been able to figure out which voter @Secured annotations apply to. I see there is a Jsr250Voter for those annotations, but none for secured-annotations. Perhaps @Secured just uses the RoleVoter?